Amazon API Gateway

FullstackCodingGuy edited this page Feb 17, 2025 · 5 revisions
  • It is a managed service to create, publish, maintain, monitor, and secure APIs at any scale

  • APIs can be created in 2 ways: RESTful and WebSocket

  • Traffic Management and Throttling

  • CORS Support

  • Authorization and access control

  • Monitoring

  • API Version Management

HTTP

  • Low latency
  • Cost effective integrations

REST

API Gateway Considerations

Data Protection

  • Multi-Factor Authentication, OTP validation
  • Always use SSL/TLS for communication
  • Set up CloudTrail to view all API calls and user activity in the account
  • Encryption at rest and in transit

AWS IAM

Logging & Monitoring

  • CloudWatch - to monitor performance metrics

Compliance Validation

  • AWS is responsible for the infrastructure; you are responsible for the data/software/app

Resiliency

  • Leverage multiple Availability zones
  • Plan for High Availability

Infrastructure Security

Vulnerability Analysis

  • Analyse the security threats to your APIs, as they are directly exposed to internet users
  • Create security zones (a public zone and a secure zone) to protect sensitive services/databases from being exposed